Re: SELinux and Squid - Non-default squid http_port (!=3128)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>
Subject: Re: SELinux and Squid - Non-default squid http_port (!=3128)
From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
Date: Tue, 30 Aug 2005 10:41:07 -0400
In-reply-to: <[email protected]>
List-archive: <https://www.redhat.com/archives/fedora-list>
List-help: <mailto:[email protected]?subject=help>
List-id: For users of Fedora Core releases <fedora-list.redhat.com>
List-post: <mailto:[email protected]>
List-subscribe: <http://www.redhat.com/mailman/listinfo/fedora-list>, <mailto:[email protected]?subject=subscribe>
List-unsubscribe: <http://www.redhat.com/mailman/listinfo/fedora-list>, <mailto:[email protected]?subject=unsubscribe>
References: <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]>
Reply-to: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>
User-agent: Mozilla Thunderbird 1.0.6-5 (X11/20050818)

Paul Howarth wrote:

Øyvind Stegard wrote:
By 'squid_allow_any', I am assuming you mean 'squid_connect_any'. Itried this instead of 'squid_disable_trans', but that does not work.
That would allow squid to connect outbound to web servers running onnon-standard ports; it doesn't affect the port that squid can bind toitself.
I can only get squid up and running on http_port 64030 by setting'squid_disable_trans'.
An alternative approach would be to install the policy sources andedit /etc/selinux/targeted/src/policy/net_contexts, adding a line:
portcon tcp 3128  system_u:object_r:http_cache_port_t

replacing 3128 with the port number you want to use.

Then do:

# cd /etc/selinux/targeted/src/policy
# rm policy.conf
# make reload

Paul.

This is one of the features we are working on for FC5. How to allowadmins to customize

ports, ethernet devices, users and add their own allow rules withoutrequiring policy sources to be installed.


Currently you need to work off the policy-sources.

--

References:
- SELinux and Squid - Non-default squid http_port (!=3128)
  - From: Øyvind Stegard
- Re: SELinux and Squid - Non-default squid http_port (!=3128)
  - From: Thomas Springer
- Re: SELinux and Squid - Non-default squid http_port (!=3128)
  - From: Øyvind Stegard
- Re: SELinux and Squid - Non-default squid http_port (!=3128)
  - From: Rahul Sundaram
- Re: SELinux and Squid - Non-default squid http_port (!=3128)
  - From: Øyvind Stegard
- Re: SELinux and Squid - Non-default squid http_port (!=3128)
  - From: Paul Howarth

Prev by Date: Re: Postfix On Fedora Core4
Next by Date: installation
Previous by thread: Re: SELinux and Squid - Non-default squid http_port (!=3128)
Next by thread: Re: SELinux and Squid - Non-default squid http_port (!=3128)
Index(es):
- Date
- Thread

[Index of Archives] [Current Fedora Users] [Fedora Desktop] [Fedora SELinux] [Yosemite News] [Yosemite Photos] [KDE Users] [Fedora Tools] [Fedora Docs]

Powered by Linux